CVE-2009-1129

{"id": "CVE-2009-1129", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-05-12T22:30:00.360", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=791", "source": "secure@microsoft.com"}, {"url": "http://osvdb.org/54387", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/32428", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/34839", "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id?1022205", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2009/1290", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6176", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka \"PP7 Memory Corruption Vulnerability,\" a different vulnerability than CVE-2009-1128."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en la regi\u00f3n stack de la memoria en el importador de PowerPoint 95 (biblioteca PP7X32. DLL) en Office PowerPoint 2000 SP3, 2002 SP3 y 2003 SP3 de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una longitud de registro inconsistente en datos de sonido en un archivo que utiliza un formato de archivo nativo de PowerPoint 95 (PPT95), tambi\u00e9n se conoce como \"PP7 Memory Corruption Vulnerability\", una vulnerabilidad diferente de CVE-2009-1128."}], "lastModified": "2018-10-12T21:50:57.023", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office_powerpoint:2000:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34EA27E8-657D-4600-936C-423D753880F6"}, {"criteria": "cpe:2.3:a:microsoft:office_powerpoint:2002:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC12B313-5CBB-4590-A252-C6A406772CAE"}, {"criteria": "cpe:2.3:a:microsoft:office_powerpoint:2003:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F57325F6-A2E0-4127-9A2F-DE6929AB29F3"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}